From 72bde6e8d86c94ae9934985e5bad96b584f2c6c8 Mon Sep 17 00:00:00 2001 From: Maurice Debray Date: Thu, 31 Mar 2022 09:36:51 +0200 Subject: [PATCH 01/12] Sites statiques, my --- hosts/hackens-org/configuration.nix | 5 +++ hosts/hackens-org/hackens-my.nix | 10 +++++ hosts/hackens-org/modules/acme-ssl.nix | 13 +++++++ hosts/hackens-org/modules/default.nix | 9 +++++ hosts/hackens-org/modules/my.nix | 27 ++++++++++++++ hosts/hackens-org/modules/static-website.nix | 26 ------------- hosts/hackens-org/modules/staticWebsite.nix | 39 ++++++++++++++++++++ hosts/hackens-org/test-static.nix | 4 ++ 8 files changed, 107 insertions(+), 26 deletions(-) create mode 100644 hosts/hackens-org/hackens-my.nix create mode 100644 hosts/hackens-org/modules/acme-ssl.nix create mode 100644 hosts/hackens-org/modules/default.nix create mode 100644 hosts/hackens-org/modules/my.nix delete mode 100644 hosts/hackens-org/modules/static-website.nix create mode 100644 hosts/hackens-org/modules/staticWebsite.nix create mode 100644 hosts/hackens-org/test-static.nix diff --git a/hosts/hackens-org/configuration.nix b/hosts/hackens-org/configuration.nix index 622e6cb..58dddc2 100644 --- a/hosts/hackens-org/configuration.nix +++ b/hosts/hackens-org/configuration.nix @@ -10,12 +10,17 @@ ./hardware-configuration.nix ./physical.nix ../../profiles/core-hackens + ./hackens-my.nix + #Services ./wiki.nix ./webpass.nix + ./test-static.nix # ./bridge.nix # ./gha.nix # ./sync.nix + #Modules ./misc + ./modules ]; networking.hostName = "hackens-org"; # Define your hostname. diff --git a/hosts/hackens-org/hackens-my.nix b/hosts/hackens-org/hackens-my.nix new file mode 100644 index 0000000..d1d04ce --- /dev/null +++ b/hosts/hackens-org/hackens-my.nix @@ -0,0 +1,10 @@ +# Inspire du club reseau +{ ... }: +{ + imports = [ ./my.nix ]; + + my = { + email = "hackens@clipper.ens.fr"; + acmeStaging = true; + }; +} 
diff --git a/hosts/hackens-org/modules/acme-ssl.nix b/hosts/hackens-org/modules/acme-ssl.nix new file mode 100644 index 0000000..59b69b9 --- /dev/null +++ b/hosts/hackens-org/modules/acme-ssl.nix @@ -0,0 +1,13 @@ +# Issue du club reseau +{ config, ... }: +let + my = config.my; +in +{ + security.acme.acceptTerms = true; + security.acme.email = my.email; + security.acme.server = + if my.acmeStaging + then "https://acme-staging-v02.api.letsencrypt.org/directory" + else null; +} diff --git a/hosts/hackens-org/modules/default.nix b/hosts/hackens-org/modules/default.nix new file mode 100644 index 0000000..2cb1ee3 --- /dev/null +++ b/hosts/hackens-org/modules/default.nix @@ -0,0 +1,9 @@ +{ pkgs, ... }: +{ + imports = [ + ./my.nix + ./acme-ssl.nix + ./staticWebsite.nix + ./nginx.nix + ]; +} diff --git a/hosts/hackens-org/modules/my.nix b/hosts/hackens-org/modules/my.nix new file mode 100644 index 0000000..92caf6f --- /dev/null +++ b/hosts/hackens-org/modules/my.nix @@ -0,0 +1,27 @@ +# Inspiré du club réseau +{ config, lib, ... }: +with lib; +{ + options.my = { + email = mkOption { + description = "Admin email"; + type = str; + default = ""; + example = "hackens@clipper.ens.fr"; + }; + acmeStaging = mkOption { + description = "Enable staging servers"; + type = bool; + default = false; + }; + subZone = mkOption { + description = "Sub zone for hosting the services"; + type = str + + debug = mkOption { + description = "Debug mode"; + type = bool; + default = false; + } + }; +}; diff --git a/hosts/hackens-org/modules/static-website.nix b/hosts/hackens-org/modules/static-website.nix deleted file mode 100644 index 7a4a641..0000000 --- a/hosts/hackens-org/modules/static-website.nix +++ /dev/null 
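Review bot: `security.acme.email = my.email;` in acme-ssl.nix reads an option that modules/my.nix, in this same patch, declares with `default = "";`. A host that forgets to set `my.email` would therefore reach ACME registration with an empty contact instead of failing at evaluation. Dropping the `default = "";` line from the `email` option makes the setting mandatory and turns the omission into a build-time error. The exact behaviour of an empty contact is not visible from this patch, so it is worth confirming against the ACME module in use.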
@@ -1,26 +0,0 @@ -{ lib, config }: - -with lib; -let - cfg = config.services.static-website.config; - l = builtins.split cfg.name "/"; - name = lists.last l; -in -{ - services.static-website.config = lib.mkOption { - type = with types; attrsOf (submodule { - options.name = mkOption path; - }); - }; - - config = { - services.nginx.enable = cfg.enable; - virtualHosts."${cfg.name}" = { - root = "/var/lib/nginx/static/${name}"; - } - }; -} - -/* TODO -ACME -*/ diff --git a/hosts/hackens-org/modules/staticWebsite.nix b/hosts/hackens-org/modules/staticWebsite.nix new file mode 100644 index 0000000..674276b --- /dev/null +++ b/hosts/hackens-org/modules/staticWebsite.nix @@ -0,0 +1,39 @@ +{ lib, config }: +with lib; +let + eachSite = config.services.static-website; + website = { pkgs, config, name, ... }: { + options = { + root = mkOption { + type = types.path; + default = "/var/lib/nginx/static/${name}"; + description = "Static files path for the website"; + }; + hostname = mkOption { + type = str; + default = name; + description = "Website hostname"; + }; + }; + }; + debug = config.my.debug; +in +{ + services.staticWebsite = lib.mkOption { + type = types.attrsOf (types.submodule website;) + description = "Specification of one or more static-websites to serve"; + }; + + config = (mkIf eachSite != {}) { + services.nginx.enable = cfg; + virtualHosts = mapAttrs ( hostName: conf: { + serverName = conf.path; + root = conf.root; + forceSSL = if debug then false else true; + }) eachSite; + }; +} + +/* TODO +ACME +*/ diff --git a/hosts/hackens-org/test-static.nix b/hosts/hackens-org/test-static.nix new file mode 100644 index 0000000..c17caa6 --- /dev/null +++ b/hosts/hackens-org/test-static.nix @@ -0,0 +1,4 @@ +{ config, ... }: +{ + services.staticWebsite.testStatic.hostname = "test.${my.subZone}"; +} -- 2.47.0 From 06add9c83e333b5acf59fb972d4714d026acf178 Mon Sep 17 00:00:00 2001 
From: Your Name Date: Thu, 31 Mar 2022 08:19:43 +0000 Subject: [PATCH 02/12] Site statique, my : Typos --- hosts/hackens-org/hackens-my.nix | 4 ++- hosts/hackens-org/modules/my.nix | 9 +++--- hosts/hackens-org/modules/staticWebsite.nix | 33 ++++++++++----------- hosts/hackens-org/test-static.nix | 2 +- 4 files changed, 25 insertions(+), 23 deletions(-) diff --git a/hosts/hackens-org/hackens-my.nix b/hosts/hackens-org/hackens-my.nix index d1d04ce..f22d3ef 100644 --- a/hosts/hackens-org/hackens-my.nix +++ b/hosts/hackens-org/hackens-my.nix @@ -1,10 +1,12 @@ # Inspire du club reseau { ... }: { - imports = [ ./my.nix ]; + imports = [ ./modules/my.nix ]; my = { email = "hackens@clipper.ens.fr"; acmeStaging = true; + debug = true; + subZone = "new.hackens.org"; }; } diff --git a/hosts/hackens-org/modules/my.nix b/hosts/hackens-org/modules/my.nix index 92caf6f..29f2870 100644 --- a/hosts/hackens-org/modules/my.nix +++ b/hosts/hackens-org/modules/my.nix @@ -1,6 +1,7 @@ # Inspiré du club réseau { config, lib, ... }: with lib; +with types; { options.my = { email = mkOption { @@ -16,12 +17,12 @@ with lib; }; subZone = mkOption { description = "Sub zone for hosting the services"; - type = str - + type = str; + }; debug = mkOption { description = "Debug mode"; type = bool; default = false; - } + }; }; -}; +} diff --git a/hosts/hackens-org/modules/staticWebsite.nix b/hosts/hackens-org/modules/staticWebsite.nix index 674276b..7fd2d7a 100644 --- a/hosts/hackens-org/modules/staticWebsite.nix +++ b/hosts/hackens-org/modules/staticWebsite.nix @@ -1,8 +1,8 @@ -{ lib, config }: +{ lib, config , ... }: with lib; let - eachSite = config.services.static-website; - website = { pkgs, config, name, ... }: { + eachSite = config.services.staticWebsite; + website = { name, ... }: { options = { root = mkOption { type = types.path; 
@@ -10,7 +10,7 @@ let description = "Static files path for the website"; }; hostname = mkOption { - type = str; + type = types.str; default = name; description = "Website hostname"; }; @@ -19,21 +19,20 @@ let debug = config.my.debug; in { - services.staticWebsite = lib.mkOption { - type = types.attrsOf (types.submodule website;) + options.services.staticWebsite = lib.mkOption { + type = types.attrsOf (types.submodule website); description = "Specification of one or more static-websites to serve"; }; - config = (mkIf eachSite != {}) { - services.nginx.enable = cfg; - virtualHosts = mapAttrs ( hostName: conf: { - serverName = conf.path; - root = conf.root; - forceSSL = if debug then false else true; - }) eachSite; + config = mkIf (eachSite != {}) { + services.nginx = { + enable = true; + virtualHosts = mapAttrs ( hostName: conf: { + serverName = conf.hostname; + root = conf.root; + forceSSL = if debug then false else true; + enableACME = if debug then false else true; + }) eachSite; + }; }; } - -/* TODO -ACME -*/ diff --git a/hosts/hackens-org/test-static.nix b/hosts/hackens-org/test-static.nix index c17caa6..8a0094a 100644 --- a/hosts/hackens-org/test-static.nix +++ b/hosts/hackens-org/test-static.nix @@ -1,4 +1,4 @@ { config, ... }: { - services.staticWebsite.testStatic.hostname = "test.${my.subZone}"; + services.staticWebsite.test.hostname = "test.${config.my.subZone}"; } -- 2.47.0 From 409b515df3ed30c1aa63229ddabf03cc8dfb203b Mon Sep 17 00:00:00 2001 From: Maurice Debray Date: Thu, 31 Mar 2022 11:50:41 +0200 Subject: [PATCH 03/12] Nouveau site de test --- hosts/hackens-org/test-static.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/hosts/hackens-org/test-static.nix b/hosts/hackens-org/test-static.nix index 8a0094a..f3146d6 100644 --- a/hosts/hackens-org/test-static.nix +++ b/hosts/hackens-org/test-static.nix 
@@ -1,4 +1,7 @@ { config, ... }: { - services.staticWebsite.test.hostname = "test.${config.my.subZone}"; + services.staticWebsite.test = { + hostname = "test.${config.my.subZone}"; + root = pkgs.writeTextDir "index.html" "Hello world!"; + }; } -- 2.47.0 From 9a3ea384289d6d7afc01fcd6653c73843fdb626c Mon Sep 17 00:00:00 2001 From: Your Name Date: Thu, 31 Mar 2022 09:58:42 +0000 Subject: [PATCH 04/12] Typos --- hosts/hackens-org/test-static.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/hackens-org/test-static.nix b/hosts/hackens-org/test-static.nix index f3146d6..c37a6a8 100644 --- a/hosts/hackens-org/test-static.nix +++ b/hosts/hackens-org/test-static.nix @@ -1,4 +1,4 @@ -{ config, ... }: +{ config, pkgs, ... }: { services.staticWebsite.test = { hostname = "test.${config.my.subZone}"; -- 2.47.0 From d605ff23782e3df41ab2f4a2900355846df8c71f Mon Sep 17 00:00:00 2001 From: Maurice Debray Date: Thu, 31 Mar 2022 12:03:21 +0200 Subject: [PATCH 05/12] activation acme --- hosts/hackens-org/hackens-my.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/hackens-org/hackens-my.nix b/hosts/hackens-org/hackens-my.nix index f22d3ef..ea56f7a 100644 --- a/hosts/hackens-org/hackens-my.nix +++ b/hosts/hackens-org/hackens-my.nix @@ -6,7 +6,7 @@ my = { email = "hackens@clipper.ens.fr"; acmeStaging = true; - debug = true; + debug = false; subZone = "new.hackens.org"; }; } -- 2.47.0 From b72022b01255f802ee6d8ec87d424b75d31fb387 Mon Sep 17 00:00:00 2001 From: Maurice Debray Date: Sat, 2 Apr 2022 15:47:36 +0200 Subject: [PATCH 06/12] Webhook service --- hosts/hackens-org/modules/default.nix | 1 + hosts/hackens-org/modules/webhook.nix | 55 +++++++++++++++++++++++++++ 2 files changed, 56 insertions(+) create mode 100644 hosts/hackens-org/modules/webhook.nix diff --git a/hosts/hackens-org/modules/default.nix b/hosts/hackens-org/modules/default.nix index 2cb1ee3..74e25e4 100644 --- a/hosts/hackens-org/modules/default.nix 
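Review bot: In the hackens-my.nix hunk of patch 05, `debug` flips to `false` while the context line above still has `acmeStaging = true;`. As far as the earlier patches show, `debug = false` turns on both `forceSSL` and `enableACME` in staticWebsite.nix, and acme-ssl.nix points `security.acme.server` at the Let's Encrypt staging directory. Visitors would then be redirected to HTTPS and shown a certificate from a CA that browsers do not trust. I would either set `acmeStaging = false;` in the same commit, or add a comment such as `# staging CA: certificates are not browser-trusted, set to false before the site is announced`.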
+++ b/hosts/hackens-org/modules/default.nix @@ -5,5 +5,6 @@ ./acme-ssl.nix ./staticWebsite.nix ./nginx.nix + ./webhook.nix ]; } diff --git a/hosts/hackens-org/modules/webhook.nix b/hosts/hackens-org/modules/webhook.nix new file mode 100644 index 0000000..0ec683c --- /dev/null +++ b/hosts/hackens-org/modules/webhook.nix @@ -0,0 +1,55 @@ +{ pkgs, config, lib, ... }: +with lib; +let + json = pkgs.formats.json {}; + cfg = config.services.webhook; + debug = config.my.debug; +in + options.services.webhook = { + enable = mkEnableOption "Set up webhooks"; + pkg = mkOption { + type = types.package; + default = pkgs.webhook; + description = "`webhook` package to use"; + }; + hostname = mkOption { + type = types.str; + description = "The vhost on which webhook will listen"; + }; + endPoint = mkOption { + type = types.str; + default = "hooks"; + description = "The endpoint of the webhooks"; + }; + hooks = mkOption { + type = types.listOf (types.submodule { + options = mkOption { + type = json.type; + description = "Configuration for this webhook, check for supported values" + }; + }); + description = "An list of enabled webhooks"; + }; + internalPort = mkOption { + type = types.int; + default = 9000; + description = "The local port used to (proxy)pass requests from nginx to webhook"; + }; + }; + config = mkIf cfg.enable { + services.nginx = { + enableACME = if debug then false else true; + enable = true; + virtualHosts."${cfg.hostname}".locations."${endpoint}".proxyPass = "http://127.0.0.1:${cfg.internalPort}/hooks"; + }; + systemd.services.webhook = { + unitConfig = { + Description = "Small server for creating HTTP hooks"; + Documentation = "https://github.com/adnanh/webhook/"; + }; + serviceConfig = { + ExecStart = "${cfg.pkg} -ip \"127.0.0.1\" -port \"${cfg.internalPort}\" -verbose -hooks ${json.generate "conf.json" cfg.hooks}"; + }; + wantedBy = [ "mulit-user.target" ]; + +} -- 2.47.0 From 783f11a57a755c1daa143773fb60122108b4beeb Mon Sep 17 00:00:00 2001 
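Review bot: `wantedBy = [ "mulit-user.target" ];` at the end of the new webhook.nix names a target that does not exist, so nothing pulls the unit in at boot and the service only runs if it is started by hand. The line should read `wantedBy = [ "multi-user.target" ];`. The same misspelling is carried as a context line through the webhook.nix/webhooks.nix hunks of patches 07, 08, 09 and 12 and is never corrected in this series.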
From: Your Name Date: Sat, 2 Apr 2022 14:21:46 +0000 Subject: [PATCH 07/12] webhook: typos --- hosts/hackens-org/modules/webhook.nix | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/hosts/hackens-org/modules/webhook.nix b/hosts/hackens-org/modules/webhook.nix index 0ec683c..62d3562 100644 --- a/hosts/hackens-org/modules/webhook.nix +++ b/hosts/hackens-org/modules/webhook.nix @@ -5,6 +5,7 @@ let cfg = config.services.webhook; debug = config.my.debug; in +{ options.services.webhook = { enable = mkEnableOption "Set up webhooks"; pkg = mkOption { @@ -25,7 +26,7 @@ in type = types.listOf (types.submodule { options = mkOption { type = json.type; - description = "Configuration for this webhook, check for supported values" + description = "Configuration for this webhook, check for supported values"; }; }); description = "An list of enabled webhooks"; @@ -38,9 +39,11 @@ in }; config = mkIf cfg.enable { services.nginx = { - enableACME = if debug then false else true; enable = true; - virtualHosts."${cfg.hostname}".locations."${endpoint}".proxyPass = "http://127.0.0.1:${cfg.internalPort}/hooks"; + virtualHosts."${cfg.hostname}" = { + locations."${endpoint}".proxyPass = "http://127.0.0.1:${cfg.internalPort}/hooks"; + enableACME = if debug then false else true; + }; }; systemd.services.webhook = { unitConfig = { @@ -51,5 +54,6 @@ in ExecStart = "${cfg.pkg} -ip \"127.0.0.1\" -port \"${cfg.internalPort}\" -verbose -hooks ${json.generate "conf.json" cfg.hooks}"; }; wantedBy = [ "mulit-user.target" ]; - + }; + }; } -- 2.47.0 From 5f02d633bd47d2abe7f053280068aa87eefd5006 Mon Sep 17 00:00:00 2001 From: Your Name Date: Sat, 2 Apr 2022 16:06:41 +0000 Subject: [PATCH 08/12] Debug des webhooks --- hosts/hackens-org/modules/webhook.nix | 16 +++++----------- hosts/hackens-org/test-webhook.nix | 17 +++++++++++++++++ 2 files changed, 22 insertions(+), 11 deletions(-) create mode 100644 hosts/hackens-org/test-webhook.nix 
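Review bot: In the third webhook.nix hunk the vhost gets `enableACME` but none of `forceSSL`, `addSSL` or `onlySSL`. As I understand the NixOS nginx module, that requests a certificate without enabling a TLS listener. Hook requests, and any token or signature they carry, would then reach nginx over plain HTTP. Adding `forceSSL = !debug;` next to `enableACME = !debug;` keeps the two in step, the way staticWebsite.nix already does. The later patches rename the flag to `cfg.debug` but still do not add an SSL option to this vhost.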
diff --git a/hosts/hackens-org/modules/webhook.nix b/hosts/hackens-org/modules/webhook.nix index 62d3562..130885e 100644 --- a/hosts/hackens-org/modules/webhook.nix +++ b/hosts/hackens-org/modules/webhook.nix @@ -23,13 +23,8 @@ in description = "The endpoint of the webhooks"; }; hooks = mkOption { - type = types.listOf (types.submodule { - options = mkOption { - type = json.type; - description = "Configuration for this webhook, check for supported values"; - }; - }); - description = "An list of enabled webhooks"; + type = json.type; + description = "Configuration for this webhook, check for supported values"; }; internalPort = mkOption { type = types.int; @@ -41,18 +36,17 @@ in services.nginx = { enable = true; virtualHosts."${cfg.hostname}" = { - locations."${endpoint}".proxyPass = "http://127.0.0.1:${cfg.internalPort}/hooks"; + locations."${cfg.endPoint}".proxyPass = "http://127.0.0.1:${toString cfg.internalPort}/hooks"; enableACME = if debug then false else true; }; }; systemd.services.webhook = { + enable = true; unitConfig = { Description = "Small server for creating HTTP hooks"; Documentation = "https://github.com/adnanh/webhook/"; }; - serviceConfig = { - ExecStart = "${cfg.pkg} -ip \"127.0.0.1\" -port \"${cfg.internalPort}\" -verbose -hooks ${json.generate "conf.json" cfg.hooks}"; - }; + script = "${cfg.pkg}/bin/webhook -nopanic -ip \"127.0.0.1\" -port \"${toString cfg.internalPort}\" -verbose -hooks ${json.generate "conf.json" cfg.hooks}"; wantedBy = [ "mulit-user.target" ]; }; }; diff --git a/hosts/hackens-org/test-webhook.nix b/hosts/hackens-org/test-webhook.nix new file mode 100644 index 0000000..b287451 --- /dev/null +++ b/hosts/hackens-org/test-webhook.nix 
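Review bot: The `systemd.services.webhook` block in the second hunk sets neither `User` nor `DynamicUser`, so the daemon runs as root, and so does every `execute-command` a hook defines, each time an HTTP request arrives. I would run it unprivileged with `serviceConfig.DynamicUser = true;`, or use a dedicated system user if hooks need to write to fixed paths. Adding `NoNewPrivileges = true;` and `ProtectSystem = "strict";` to the same attribute set is also worth considering. Hooks that need more access can be granted it explicitly rather than inheriting it by default.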
@@ -0,0 +1,17 @@ +{ config, pkgs, ... }: +{ + services.webhook = { + enable = true; + hostname = "test-webhook.${config.my.subZone}"; + hooks = [ + { + id = "testhook"; + execute-command = pkgs.writeScript "echo.sh" '' + #!/bin/sh + echo "Bonjour" + ''; + response-message = "Test hook sucess"; + } + ]; + }; +} -- 2.47.0 From 19c2b1326acfdfdad8d378ab01013ac149d5a4dc Mon Sep 17 00:00:00 2001 From: Maurice Debray Date: Sun, 3 Apr 2022 01:27:30 +0200 Subject: [PATCH 09/12] =?UTF-8?q?Renommages,=20am=C3=A9liorations=20mineur?= =?UTF-8?q?es?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- hosts/hackens-org/hackens-my.nix | 4 ++-- .../{staticWebsite.nix => staticWebsites.nix} | 16 ++++++++++------ .../modules/{webhook.nix => webhooks.nix} | 16 +++++++++------- hosts/hackens-org/test-static.nix | 2 +- hosts/hackens-org/test-webhook.nix | 2 +- 5 files changed, 23 insertions(+), 17 deletions(-) rename hosts/hackens-org/modules/{staticWebsite.nix => staticWebsites.nix} (69%) rename hosts/hackens-org/modules/{webhook.nix => webhooks.nix} (75%) diff --git a/hosts/hackens-org/hackens-my.nix b/hosts/hackens-org/hackens-my.nix index ea56f7a..47d8a36 100644 --- a/hosts/hackens-org/hackens-my.nix +++ b/hosts/hackens-org/hackens-my.nix @@ -1,11 +1,11 @@ # Inspire du club reseau -{ ... }: +{ lib, ... }: { imports = [ ./modules/my.nix ]; my = { email = "hackens@clipper.ens.fr"; - acmeStaging = true; + acmeStaging = lib.mkDefault true; debug = false; subZone = "new.hackens.org"; }; diff --git a/hosts/hackens-org/modules/staticWebsite.nix b/hosts/hackens-org/modules/staticWebsites.nix similarity index 69% rename from hosts/hackens-org/modules/staticWebsite.nix rename to hosts/hackens-org/modules/staticWebsites.nix index 7fd2d7a..83d9d46 100644 --- a/hosts/hackens-org/modules/staticWebsite.nix +++ b/hosts/hackens-org/modules/staticWebsites.nix 
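Review bot: The `testhook` entry in test-webhook.nix has no `trigger-rule`, so if this file is imported, any client that can reach the vhost can make the server run the hook's command. That is harmless for an `echo`, but this is the only hook definition in the series and is likely to be copied for real hooks. I would add a `trigger-rule` that checks a shared secret or payload signature, with a comment saying so. Because `json.generate` writes the hooks file into the world-readable Nix store, the secret itself should be supplied at runtime rather than written in this attribute set. Separately, `response-message = "Test hook sucess";` should read `"Test hook success"`.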
@@ -1,7 +1,7 @@ { lib, config , ... }: with lib; let - eachSite = config.services.staticWebsite; + eachSite = config.services.staticWebsites; website = { name, ... }: { options = { root = mkOption { @@ -16,14 +16,18 @@ let }; }; }; - debug = config.my.debug; in { - options.services.staticWebsite = lib.mkOption { - type = types.attrsOf (types.submodule website); - description = "Specification of one or more static-websites to serve"; + options.services.staticWebsites = { + sites = mkOption { + type = types.attrsOf (types.submodule website); + description = "Specification of one or more static websites to serve"; + }; + debug = mkOption { + type = types.bool; + default = false; + }; }; - config = mkIf (eachSite != {}) { services.nginx = { enable = true; diff --git a/hosts/hackens-org/modules/webhook.nix b/hosts/hackens-org/modules/webhooks.nix similarity index 75% rename from hosts/hackens-org/modules/webhook.nix rename to hosts/hackens-org/modules/webhooks.nix index 130885e..d83664d 100644 --- a/hosts/hackens-org/modules/webhook.nix +++ b/hosts/hackens-org/modules/webhooks.nix @@ -3,12 +3,11 @@ with lib; let json = pkgs.formats.json {}; cfg = config.services.webhook; - debug = config.my.debug; in { - options.services.webhook = { + options.services.webhooks = { enable = mkEnableOption "Set up webhooks"; - pkg = mkOption { + package = mkOption { type = types.package; default = pkgs.webhook; description = "`webhook` package to use"; @@ -17,7 +16,7 @@ in type = types.str; description = "The vhost on which webhook will listen"; }; - endPoint = mkOption { + endpoint = mkOption { type = types.str; default = "hooks"; description = "The endpoint of the webhooks"; 
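Review bot: The new `debug` option in the second staticWebsites.nix hunk has no `description`, yet patch 12 of this series wires it to `forceSSL` and `enableACME`, so setting it serves every static site over plain HTTP without a certificate. I would document that on the option, for example `description = "Serve the sites over plain HTTP and request no certificates; for local testing only.";`. A reader who sees only `debug = true;` in a host file has no way to tell that it switches TLS off.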
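Review bot: The renamed `endpoint` option in the last webhooks.nix hunk keeps `default = "hooks";`, and that string is used verbatim as the nginx location key in `locations."${cfg.endpoint}"`. Request paths always start with `/`, so as far as I can tell a prefix location without the leading slash never matches and the default configuration would proxy nothing. I would change it to `default = "/hooks";` and have the description say that the value is an nginx location path.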
@@ -31,13 +30,16 @@ in default = 9000; description = "The local port used to (proxy)pass requests from nginx to webhook"; }; + debug = mkOption { + type = types.bool; + default = false; }; config = mkIf cfg.enable { services.nginx = { enable = true; virtualHosts."${cfg.hostname}" = { - locations."${cfg.endPoint}".proxyPass = "http://127.0.0.1:${toString cfg.internalPort}/hooks"; - enableACME = if debug then false else true; + locations."${cfg.endpoint}".proxyPass = "http://127.0.0.1:${toString cfg.internalPort}/hooks"; + enableACME = if cfg.debug then false else true; }; }; systemd.services.webhook = { @@ -46,7 +48,7 @@ in Description = "Small server for creating HTTP hooks"; Documentation = "https://github.com/adnanh/webhook/"; }; - script = "${cfg.pkg}/bin/webhook -nopanic -ip \"127.0.0.1\" -port \"${toString cfg.internalPort}\" -verbose -hooks ${json.generate "conf.json" cfg.hooks}"; + script = "${cfg.package}/bin/webhook -nopanic -ip \"127.0.0.1\" -port \"${toString cfg.internalPort}\" -verbose -hooks ${json.generate "conf.json" cfg.hooks}"; wantedBy = [ "mulit-user.target" ]; }; }; diff --git a/hosts/hackens-org/test-static.nix b/hosts/hackens-org/test-static.nix index c37a6a8..bb61648 100644 --- a/hosts/hackens-org/test-static.nix +++ b/hosts/hackens-org/test-static.nix @@ -1,6 +1,6 @@ { config, pkgs, ... }: { - services.staticWebsite.test = { + services.staticWebsites.test = { hostname = "test.${config.my.subZone}"; root = pkgs.writeTextDir "index.html" "Hello world!"; }; diff --git a/hosts/hackens-org/test-webhook.nix b/hosts/hackens-org/test-webhook.nix index b287451..dacb339 100644 --- a/hosts/hackens-org/test-webhook.nix +++ b/hosts/hackens-org/test-webhook.nix @@ -1,6 +1,6 @@ { config, pkgs, ... }: { - services.webhook = { + services.webhooks = { enable = true; hostname = "test-webhook.${config.my.subZone}"; hooks = [ -- 2.47.0 From 083b638d775d0309458d681ba9d2adf963acdbcf Mon Sep 17 00:00:00 2001 
From: Maurice Debray Date: Sun, 3 Apr 2022 01:53:19 +0200 Subject: [PATCH 10/12] =?UTF-8?q?Ajout=20de=20r=C3=A8gles=20location=20aux?= =?UTF-8?q?=20sites=20statiques,=20deploiement=20du=202048?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- hosts/hackens-org/2048.nix | 15 +++++++++ hosts/hackens-org/modules/staticWebsites.nix | 34 ++++++++++++++++---- 2 files changed, 42 insertions(+), 7 deletions(-) create mode 100644 hosts/hackens-org/2048.nix diff --git a/hosts/hackens-org/2048.nix b/hosts/hackens-org/2048.nix new file mode 100644 index 0000000..7de6c21 --- /dev/null +++ b/hosts/hackens-org/2048.nix @@ -0,0 +1,15 @@ +{ config, pkgs, ... }: +{ + staticWebsites.sites = { + "2048" = { + root = pkgs.fetchFromGitHub { + owner = "hackEns"; + repo = "2048NdS"; + rev = "1df6db154ca22c380eb52844c7a6a7f888fb5610"; + sha256 = "087471kpbpcg5920wy6fgcx6jz613zbyy0jn5iiimwjk1im1wa4q"; + }; + hostname = config.my.subZone; + location = "/2048"; + }; + }; +} diff --git a/hosts/hackens-org/modules/staticWebsites.nix b/hosts/hackens-org/modules/staticWebsites.nix index 83d9d46..fa12992 100644 --- a/hosts/hackens-org/modules/staticWebsites.nix +++ b/hosts/hackens-org/modules/staticWebsites.nix @@ -1,7 +1,7 @@ { lib, config , ... }: with lib; let - eachSite = config.services.staticWebsites; + eachSite = config.services.staticWebsites.sites; website = { name, ... }: { options = { root = mkOption { @@ -14,6 +14,11 @@ let default = name; description = "Website hostname"; }; + location = mkOption { + type = types.nullOr types.str; + default = null; + description = "Add a location rule if not null"; + }; }; }; in 
@@ -31,12 +36,27 @@ in config = mkIf (eachSite != {}) { services.nginx = { enable = true; - virtualHosts = mapAttrs ( hostName: conf: { - serverName = conf.hostname; - root = conf.root; - forceSSL = if debug then false else true; - enableACME = if debug then false else true; - }) eachSite; + virtualHosts = mapAttrs ( hostName: conf: (mkMerge [ + { + serverName = conf.hostname; + forceSSL = if debug then false else true; + enableACME = if debug then false else true; + } + + (mkIf (conf.location == null) { + root = conf.root; + }) + + (mkIf (conf.location != null) { + location = { + "~ ^${conf.location}" = { + alias = conf.root; + }; + }; + }) + + ]) + ) eachSite; }; }; } -- 2.47.0 From e8c4ce84c261108e4f84bbd36bc615ef29ea3441 Mon Sep 17 00:00:00 2001 From: Your Name Date: Sun, 3 Apr 2022 15:54:55 +0000 Subject: [PATCH 11/12] Refactorisation: deplacement acme-ssl.nix --- hosts/hackens-org/{modules => }/acme-ssl.nix | 0 hosts/hackens-org/modules/default.nix | 1 - 2 files changed, 1 deletion(-) rename hosts/hackens-org/{modules => }/acme-ssl.nix (100%) diff --git a/hosts/hackens-org/modules/acme-ssl.nix b/hosts/hackens-org/acme-ssl.nix similarity index 100% rename from hosts/hackens-org/modules/acme-ssl.nix rename to hosts/hackens-org/acme-ssl.nix diff --git a/hosts/hackens-org/modules/default.nix b/hosts/hackens-org/modules/default.nix index 74e25e4..e1ff977 100644 --- a/hosts/hackens-org/modules/default.nix +++ b/hosts/hackens-org/modules/default.nix @@ -2,7 +2,6 @@ { imports = [ ./my.nix - ./acme-ssl.nix ./staticWebsite.nix ./nginx.nix ./webhook.nix -- 2.47.0 From 13e949996dd18f6bd20c6251f5f5ddb5a20a574e Mon Sep 17 00:00:00 2001 
From: Your Name Date: Sun, 3 Apr 2022 17:26:31 +0000 Subject: [PATCH 12/12] Deploiement 2048 bis ; debug staticWebsites.location --- hosts/hackens-org/2048.nix | 4 +- hosts/hackens-org/modules/default.nix | 4 +- hosts/hackens-org/modules/staticWebsites.nix | 42 ++++++++++---------- hosts/hackens-org/modules/webhooks.nix | 5 ++- hosts/hackens-org/test-static.nix | 2 +- hosts/hackens-org/wiki.nix | 4 +- 6 files changed, 32 insertions(+), 29 deletions(-) diff --git a/hosts/hackens-org/2048.nix b/hosts/hackens-org/2048.nix index 7de6c21..652d11f 100644 --- a/hosts/hackens-org/2048.nix +++ b/hosts/hackens-org/2048.nix @@ -1,12 +1,12 @@ { config, pkgs, ... }: { - staticWebsites.sites = { + services.staticWebsites.sites = { "2048" = { root = pkgs.fetchFromGitHub { owner = "hackEns"; repo = "2048NdS"; rev = "1df6db154ca22c380eb52844c7a6a7f888fb5610"; - sha256 = "087471kpbpcg5920wy6fgcx6jz613zbyy0jn5iiimwjk1im1wa4q"; + sha256 = "1y2v637j0g03g4l80ag72pm9kc46f07npir7ddp8i6x15bzygj1a"; }; hostname = config.my.subZone; location = "/2048"; diff --git a/hosts/hackens-org/modules/default.nix b/hosts/hackens-org/modules/default.nix index e1ff977..8a5e678 100644 --- a/hosts/hackens-org/modules/default.nix +++ b/hosts/hackens-org/modules/default.nix @@ -2,8 +2,8 @@ { imports = [ ./my.nix - ./staticWebsite.nix + ./staticWebsites.nix ./nginx.nix - ./webhook.nix + ./webhooks.nix ]; } diff --git a/hosts/hackens-org/modules/staticWebsites.nix b/hosts/hackens-org/modules/staticWebsites.nix index fa12992..d0858d3 100644 --- a/hosts/hackens-org/modules/staticWebsites.nix +++ b/hosts/hackens-org/modules/staticWebsites.nix 
@@ -36,27 +36,29 @@ in config = mkIf (eachSite != {}) { services.nginx = { enable = true; - virtualHosts = mapAttrs ( hostName: conf: (mkMerge [ - { - serverName = conf.hostname; - forceSSL = if debug then false else true; - enableACME = if debug then false else true; - } - - (mkIf (conf.location == null) { - root = conf.root; - }) - - (mkIf (conf.location != null) { - location = { - "~ ^${conf.location}" = { - alias = conf.root; + virtualHosts = mapAttrs' ( hostname: conf: { + name = conf.hostname; + value = (mkMerge [ + { + serverName = conf.hostname; + forceSSL = if config.services.staticWebsites.debug then false else true; + enableACME = if config.services.staticWebsites.debug then false else true; + } + + (mkIf (conf.location == null) { + root = conf.root; + }) + + (mkIf (conf.location != null) { + locations = { + "${conf.location}/" = { + alias = "${conf.root}/"; + }; }; - }; - }) - - ]) - ) eachSite; + }) + + ]); + }) eachSite; }; }; } diff --git a/hosts/hackens-org/modules/webhooks.nix b/hosts/hackens-org/modules/webhooks.nix index d83664d..d3e87b8 100644 --- a/hosts/hackens-org/modules/webhooks.nix +++ b/hosts/hackens-org/modules/webhooks.nix @@ -2,7 +2,7 @@ with lib; let json = pkgs.formats.json {}; - cfg = config.services.webhook; + cfg = config.services.webhooks; in { options.services.webhooks = { @@ -33,6 +33,7 @@ in debug = mkOption { type = types.bool; default = false; + }; }; config = mkIf cfg.enable { services.nginx = { @@ -50,6 +51,6 @@ in }; script = "${cfg.package}/bin/webhook -nopanic -ip \"127.0.0.1\" -port \"${toString cfg.internalPort}\" -verbose -hooks ${json.generate "conf.json" cfg.hooks}"; wantedBy = [ "mulit-user.target" ]; - }; + }; }; } diff --git a/hosts/hackens-org/test-static.nix b/hosts/hackens-org/test-static.nix index bb61648..6faa509 100644 --- a/hosts/hackens-org/test-static.nix +++ b/hosts/hackens-org/test-static.nix 
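Review bot: In the staticWebsites.nix hunk, `mapAttrs'` now keys each vhost by `conf.hostname`, so two sites that share a hostname and differ only in `location` produce the same attribute name. That is the case the `location` option seems to exist for. As far as I know the underlying `listToAttrs` keeps only the first duplicate, so the other site would be dropped without an error. Building one fragment per site and merging them avoids this: `virtualHosts = mkMerge (mapAttrsToList (_: conf: { ${conf.hostname} = mkMerge [ … ]; }) eachSite);`. As a smaller point in the same hunk, `if config.services.staticWebsites.debug then false else true` reads more directly as `!config.services.staticWebsites.debug`.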
@@ -1,6 +1,6 @@ { config, pkgs, ... }: { - services.staticWebsites.test = { + services.staticWebsites.sites.test = { hostname = "test.${config.my.subZone}"; root = pkgs.writeTextDir "index.html" "Hello world!"; }; diff --git a/hosts/hackens-org/wiki.nix b/hosts/hackens-org/wiki.nix index d2c3051..e9b40f2 100644 --- a/hosts/hackens-org/wiki.nix +++ b/hosts/hackens-org/wiki.nix @@ -1,8 +1,8 @@ -{ pkgs, ... }: +{ pkgs, config, ... }: { networking.firewall.allowedTCPPorts = [ 80 443 ]; # TODO: move to hackens.org - services.dokuwiki.sites."hackens.ens.fr" = { + services.dokuwiki.sites."${config.my.subZone}" = { enable = true; extraConfig = '' -- 2.47.0